Starting with Security+

Introduction

Going to college can teach you alot especially if your degree is cybersecurity. But nowadays, around the time of this posting, everyone has a degree in the ever evolving field of cybersecurity or computer science. I needed a start to prove to myself and others that I knew what I’m doing in tech that was more than just my degree. I realized certifications are the next best thing compared to a degree if getting a job in the field is too difficult. Surely this will give me the advantage in the job market. Right? Searching around through the hundreds if not thousands cybersecurity certifications, I set my sight on CompTIA’s Security+ ce.

Getting Serious

By the time I started preparing for Security+, there was two versions of the exam, SY0-601 and SY0-701. The 601 version is more conceptual and has more standards or compliance and the 701 version is more practical and updated for current trends. I went with the 701 version because of two items: its practical nature and the new addition of involving cloud and automation.

Security+ has two type of questions: mutliple-choice and performance-based. Multiple-choice is exactly what you expect, a question with four possible answers like definitions or acronyms. Studying flashcards and doing practice tests is what I did to refresh myself on information I needed for the exam. Performance-based, or PBQ for short, is more like a diagram or situation type of question, where you fill in missing parts of a diagram or solve what is happening in explained situation. Studying for PBQs were a bit more difficult to do. It could be a firewall exercise, matching situations to attacks, or even reading logs. I won’t be getting any more specific than this.

My form of studying for PBQs was to make them practical by deploying firewalls, reading web log files, and getting a deeper understanding of attacks by performing them myself on virtual machines. This led to me starting a half-baked homelab network for cybersecurity purposes instead of running a bunch of individual virtual machines. Whenever studying for more practical questions, I recommended practical methods and solutions to gave the experience of actually doing the task.

Some examples of practical solutions:

• Deploy a pfSense firewall into a virtual environment between other virtual machines and the internet then change the firewall rules to block certain traffic and allow other.
• Deploy some beginner Vulhub virtual machines and read through guides on how to attack them.

Once enough studying was done, I set my exam date to be soon after, like a week. I already did all my preparation and studying beforehand but if you set it up before preparing, it is a great motivator. I didn’t want to forget common items but I knew I’d waste my time studying those instead of more difficult questions. Therefore, all my studies for that week was mostly things I wasn’t the most confident on.

E-Day

January 9th, 2024 aka Exam day, was proctored at a Pearson VUE testing center. With the exam only being 90 minutes long and having up to a maximum of 90 questions, I went in aiming for the PBQs first as they could take the longest. Luckily, I only had a few PBQs and was able to move onto the multiple-choice questions quickly. Remember being able to skip questions, allows other questions to be answered swiftly and makes more time avaliable to the skipped or more difficult questions presented.

Nearing the end of the exam, I double even triple checked to see I still wasn’t unsure about a question or not and finally submitted. Even for a entry level certification, the pressure is still there. So when I saw “PASS” on my screen, I was relieved.

Resources

1. Official CompTIA Security+ Exam Objectives
2. Quizlet of Acronyms - 300+ Flashcards
3. Youtube Channel: Cyberkraft - Great content for the visual learners
4. Vulhub - Environments for understanding what attacks do.

Conclusion

Security+ by itself doesn’t give a large advantage in the current job market as it’s rated to be an entry level certification. But in the end, I’m glad I did it because it’s just the start. Just have to keep on moving, gaining from every step you take. A little bit every day adds up to more than staying same.